Deep Security Center

RULE UPDATE: 15-034 (November 10, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability


Microsoft Office
1007166 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038)
1007167 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091)
1007168 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092)
1007183 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093)
1007169 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094)


OpenSSL
1007072 - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)


Web Application Common
1007170 - Identified Suspicious China Chopper Webshell Communication


Web Application PHP Based
1007138 - Restrict WordPress XMLRPC 'system.multicall' Request
1007135 - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack


Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability


Web Client Common
1007165 - Adobe Acrobat And Reader Buffer Overflow Vulnerability (CVE-2015-6692)
1006912* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007160 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103)
1007161 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
1007159 - Microsoft Windows Journal Heap Overflow Vulnerability (CVE-2015-6097)
1006433* - Microsoft Windows OLE Remote Code Execution Vulnerability - 3
1006997 - Multiple Browser libjpeg-turbo Memory Corruption Vulnerability
1007056 - Oracle Java Runtime Environment Type2BuildChar Function Memory Disclosure Vulnerability (CVE-2015-2619)
1007162 - Oracle Java SE Remote Security Bypass Vulnerability (CVE-2015-4902)
1007019 - Oracle Java SE True Type Font Heap Corruption Vulnerability


Web Client Internet Explorer
1007097* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007100* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007139 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6064)
1007140 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007141 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066)
1007142 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068)
1007143 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070)
1007144 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
1007145 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072)
1007146 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6073)
1007147 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007148 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076)
1007149 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077)
1007150 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6078)
1007151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079)
1007152 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080)
1007153 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081)
1007154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082)
1007155 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084)
1007156 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007177 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007157 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087)
1007180 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
1007158 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6089)
1007105* - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)


Web Client SSL
1003779* - Null Truncation In X.509 Common Name Spoofing Vulnerability


Web Server Apache
1001028* - Apache HTTP Server Mod_Cache Denial Of Service Vulnerability


Web Server Miscellaneous
1000568* - Absolute Path Traversal Vulnerability In Easy File Sharing Web Server
1006700* - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-033 (October 27, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP AutoPass License Server
1006811* - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)


HP OpenView
1003899* - HP OpenView Data Protector Application Recovery Manager Buffer Overflow


Microsoft Office
1007112* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)


OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


Suspicious Client Application Activity
1007113 - HTRANS Response Detected


TFTP Server
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload


Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS


Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability


Web Client Common
1006735* - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
1007122 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3073)
1006973* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1007126 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7625)
1007127 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7627)
1007132 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7633)
1007128 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-7628)
1006916* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1007129 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7629)
1007130 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7631)
1007131 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7632)
1007031 - Google Chrome SVG Use After Free Arbitrary Code Execution Vulnerability (CVE-2015-1256)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006956* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)


Web Client Internet Explorer
1007102* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007096* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007094 - Microsoft Internet Explorer Stack Underflow Vulnerability
1007107* - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007104* - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)


Web Server Miscellaneous
1006700 - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
1006808* - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities


Windows Services RPC Server
1007134 - Batch File Upload On Network Share
1007065 - Executable File Uploaded On Network Share
1007064 - Executable File Uploaded On System32 Folder Through SMB Share
1007114 - Portable Executable File Uploaded On SMB Share
1007121 - Remote Access Event Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-032 (October 13, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1007119 - Identified Malicious Adobe Flash SWF File - 2


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-031 (October 13, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1003655* - Application Control For Share NT5


Directory Server LDAP
1002614* - OpenLDAP ber_get_next BER Decoding Denial of Service


HP AutoPass License Server
1006811 - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)


Microsoft Office
1006941* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1007110 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
1007111 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
1007112 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Suspicious Client Application Activity
1007116 - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability


Web Application PHP Based
1006656* - Magento Admin Authentication Bypass Vulnerability


Web Client Common
1007090 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6676)
1007093 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6678)
1006772* - Adobe Flash Player Cross Domain Policy Bypass Vulnerability
1006985* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1007073 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5567)
1007078 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007079 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5575)
1007080 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5576)
1007081 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5578)
1007082 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5579)
1007083 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5580)
1007085 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5582)
1007088 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5588)
1002948* - Adobe Flash Player SWF Version Null Pointer Dereference Denial Of Service
1007076 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5572)
1007091 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-6679)
1007087 - Adobe Flash Player Stack Buffer Overflow Vulnerability (CVE-2015-5587)
1007077 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-5573)
1007115 - Adobe Flash Player Use After Free Vulnerability
1006590* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1006780* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1007075 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5570)
1007084 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5581)
1007086 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5584)
1007092 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-6682)
1007074 - Adobe Flash Player Vector Length Corruption Vulnerability (CVE-2015-5568)
1007063 - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1006631* - Identified File Protocol Handler In HTTP Location Header
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1007061 - Mozilla Firefox Arbitrary JavaScript Code Execution
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability


Web Client Internet Explorer
1007106 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
1007102 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007108 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
1007097 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007098 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007099 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
1007100 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007101 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
1007096 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007103 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
1007107 - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007105 - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
1007104 - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server Common
1007117 - Identified Python Werkzeug Debugger Remote Code Execution


Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability


Web Server Miscellaneous
1006808 - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-030 (September 22, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1003655* - Application Control For Share NT5


Application Control Packet Size Detection
1007034 - Application Control For Share EX2 P2P


Microsoft Office
1007039* - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006940* - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1007040* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)
1006323* - Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
1006471* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
1007059 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


Port Mapper Windows
1001033* - Windows Port Mapper Decoder


Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)


TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS


Web Application Common
1000608* - Generic SQL Injection Prevention


Web Application Miscellaneous
1003707* - Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability


Web Client Common
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006907 - Google Chrome Type Confusion Remote Code Execution Vulnerability (CVE-2015-1230)
1006996* - Identified Suspicious Microsoft Word RTF File - 1
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006949* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1005351* - Oracle Outside In Technology Paradox Database Stream Filter Vulnerability
1007047* - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)


Web Client Internet Explorer
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007046* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)


Web Client Mozilla Firefox
1006954* - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Windows Media Service
1004097* - Media Services Stack-based Buffer Overflow Vulnerability


Windows Services DNS Server RPC Interface
1000986* - Microsoft Windows DNS Server RPC Buffer Overflow


Windows Services RPC Client
1006994 - Executable File Download On Network Share Detected


Windows Services RPC Server
1006995 - Remote Add Job Through SMBv1 Protocol Detected
1007037 - Remote Add Job Through SMBv2 Protocol Detected
1007020 - Remote CreateService Request Detected Through SMBv1 Protocol
1007066 - Remote Delete Job Through SMBv1 Protocol Detected
1007038 - Remote Delete Job Through SMBv2 Protocol Detected
1007035 - Remote DeleteService Request Through SMBv1 Detected
1007070 - Remote PWDUMP Through SMBv1 Protocol Detected
1007057 - Remote Registry Access Through SMBv1 Protocol Detected
1007021 - Remote Registry Access Through SMBv2 Protocol Detected
1007032 - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007033 - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1007069 - Remote Service Execution Through SMBv1 Detected


Windows Services RPC Server DCERPC
1007054 - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053 - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017 - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068 - Remote Service Execution Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-029 (September 8, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Download Manager
1004902* - Application Control For JDownloader


Database MySQL
1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
1005063* - Restrict MySQL Database Access


Mail Server Common
1000883* - SMTP Header Length Restriction


Microsoft Office
1007039 - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006939* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1007040 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)


Novell Configuration Management Preboot Policy Service
1006792* - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability


Suspicious Server Application Activity
1004735* - Detected IP Messenger Server Traffic
1001164* - Detected Terminal Services (RDP) Server Traffic


Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS


Web Application PHP Based
1005465* - Identified Access To WordPress Sensitive Files
1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability


Web Client Common
1007023 - Adobe Flash Player Cross Domain Information Disclosure Vulnerability (CVE-2015-5116)
1007022 - Adobe Flash Player DefineBitsLossless Memory Corruption Vulnerability (CVE-2015-3093)
1006409* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8460)
1005676* - Identified Download Of XML File With External Entity Reference
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007029 - Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-2513)
1006950* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1007052 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2506)
1007047 - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)
1006927 - libtiff bmp2tiff Denial Of Service Vulnerability (CVE-2014-9330)


Web Client Internet Explorer
1007041 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-2483)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006931* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1007024 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2485)
1007025 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2486)
1007026 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007028 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2490)
1007030 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2491)
1007043 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2492)
1007045 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2498)
1007046 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)
1007048 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2500)
1007049 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2501)
1007044 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2493)


Web Server Miscellaneous
1006908* - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-028 (August 25, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service


Backup Server EMC Legato
1001104* - EMC Legato Networker Remote Exec Service Stack Overflow


DNS Client
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
1000159* - Microsoft SMTP Server DNS Handling Buffer Overflow


DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS


Database Oracle
1000251* - Oracle Database Server Buffer Overflow In Procedure START_LOG of CTX_OUTPUT Package


Microsoft Office
1005346* - Identified Suspicious Microsoft Word RTF File
1004978* - MSCOMCTL.OCX RCE Vulnerability For Office Binary File (CVE-2012-0158)
1006625* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)


Novell Configuration Management Preboot Policy Service
1006792 - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability
1006791 - Novell ZENworks Preboot Service Dynamic Port Decoder


Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920 - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Web Application PHP Based
1006021* - Joomla JCE Extension Multiple Vulnerabilities


Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability


Web Client Common
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006972* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006958* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006968 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5126)
1006984* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006987* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006967* - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006865* - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006974 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5554)
1006975* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1007012 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5562)
1006969 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5127)
1006988* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006989 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5551)
1006976* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006981* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1007016 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5564)
1006965* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5565)
1006966* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5566)
1007014 - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1007010 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2015-5089)
1007015 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5108)
1007007 - Adobe Reader And Acrobat Multiple Integer Overflow And Information Disclosure Vulnerabilities
1007001 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4443)
1007002 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4444)
1007009 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4435)
1007011 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4438)
1007000 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4441)
1007003 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4445)
1006886* - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1007004 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4449)
1007005 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4451)
1006998 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4452)
1006999 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5085)
1006996 - Identified Suspicious Microsoft Word RTF File - 1
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006944* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006945* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1004834* - Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow
1006699 - libpng Heap Based Buffer Overflow Vulnerability (CVE-2015-0973)


Web Client Internet Explorer
1006957* - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability (CVE-2015-2502)
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006932* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1004977* - Restrict Microsoft Windows Common ListView And TreeView ActiveX Controls


Web Server IIS
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability


Web Server Miscellaneous
1005597* - Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
1005994* - Apache Struts Multiple Directory Traversal Vulnerabilities
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability
1006155* - Apache Struts ParameterInterceptor Class OGNL Security Bypass Vulnerability
1004982* - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
1006908 - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Web Server Squid
1000388* - Restrict Squid Cache Manager Access


Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected


Log Inspection Rules:

1002795* - Microsoft Windows Events


RULE UPDATE: 15-027 (August 14, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006970 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5129)
1006972 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006973 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006958 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006962 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5541)
1006980 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1006964 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5544)
1006983 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5545)
1006984 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006985 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1006987 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006990 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5552)
1006991 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5553)
1006636* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
1006967 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006975 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1006965 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3107)
1006966 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5124)
1006971 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5130)
1006959 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5134)
1006960 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5539)
1006961 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5540)
1006988 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006976 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006979 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5559)
1006981 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1006982 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5563)
1006599* - Identified Suspicious Obfuscated JavaScript - 3


Web Client Internet Explorer
1006992 - Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2445)
1006957 - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-026 (August 11, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006624 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1006936 - Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
1006940 - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1006937 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
1006938 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
1006939 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1006941 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2


OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


Oracle MySQL InnoDB Memcached Plugin
1005511* - Oracle MySQL Server InnoDB MemCached Remote Denial Of Service Vulnerability


Web Application PHP Based
1006817* - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819* - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821* - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006914* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006915 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3134)
1006866* - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006863* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006913* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006918* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006943 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5117)
1006885 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2014-8450)
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006944 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006949 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1006950 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1006955 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
1006956 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
1006945 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1006951 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
1006952 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006928 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
1006929 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006931 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1006932 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1006933 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
1006934 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
1006935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)


Web Client Mozilla Firefox
1006954 - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server Miscellaneous
1004874* - TimThumb Plugin Remote Code Execution Vulnerability


Web Server RealVNC
1006884 - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)


Windows Services RPC Server
1006906* - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

1006803 - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800 - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006802 - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801 - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006798 - TMTR-0005: Suspicious Files Detected In Application Directories
1006797 - TMTR-0006: Suspicious Files Detected In Application Directories
1006796 - TMTR-0007: Suspicious Files Detected In Application Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1006805 - TMTR-0009: Suspicious Files Detected In System Folder
1006804 - TMTR-0010: Suspicious Files Detected In System Folder
1006795 - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799 - TMTR-0014: Suspicious Service Detected
1006684* - TMTR-0015: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
1006691* - TMTR-0017: Microsoft Windows - SAM Domain Account Users Modification Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.